Revisions to Federal Sentencing Guidelines Approved

The U.S. Sentencing Commission has approved changes to the Federal Sentencing Guidelines aimed at bolstering the strength and independence of the chief compliance officer, although it dropped controversial proposals to change the language about independent monitors and document retention.

The Commission approved the changes on April 7, but published the text of the new provisions only last week. The guidelines dictate what corporations should do to have an “effective” ethics and compliance program in the eyes of the law, which in turn should make the company eligible for more cooperation credit when it is under investigation. As such, the guidelines have evolved into a de facto blueprint for how companies should structure their compliance function.

The changes will take effect Nov. 1, unless Congress passes legislation in the interim to reject or modify them.

Most notably, the Commission voted to allow organizations to receive cooperation credit for having an effective compliance program even if a senior executive is involved in the wrongdoing, assuming the compliance program meets certain criteria intended to amplify the strength of the top compliance officer. Currently companies aren’t eligible for any credit at all if a senior executive is involved in the misconduct, no matter how effective its compliance program might be—which, critics say, probably explains why few companies have ever received cooperation credit.

Sentencing Commission officials could not immediately be reached for comment. Others generally praise the revisions as welcome incentives to keep compliance functions strong, but they also say companies may need to change the management of their own compliance programs to meet the amendments’ new requirements.

“It’s a great step in the right direction,” says Tim Mazur, chief operating officer for the Ethics & Compliance Officer Association. “The Sentencing Commission is clarifying that this isn’t just an administrative issue; an effective program is one where there’s a regular process for reporting to the board.”

The amendments spell out four criteria to win credit even if a high-level executive’s behavior is in question:

The person or persons with operational responsibility for the compliance and ethics program must have “direct reporting obligations to the governing authority or an appropriate sub-group,” such as an audit committee;

The compliance program must have detected the offense before any outsiders did or “before such discovery was reasonably likely;”

The company must have promptly reported the offense to appropriate governmental authorities; and

Nobody in charge of the ethics and compliance program either participated in the misconduct, condoned it, or deliberately ignored it.

The amendments define “direct reporting obligations” as meaning that the person in charge of daily compliance operations has “express authority to communicate personally to the governing authority, or appropriate subgroup thereof, (a) promptly on any matter involving criminal conduct or potential criminal conduct; and (b) no less than annually on the implementation and effectiveness of the compliance and ethics program.”

‘The Sentencing Commission is clarifying that this isn’t just an administrative issue; an effective program is one where there’s a regular process for reporting to the board.’

—Tim Mazur,

Ethics & Compliance Officer Association

Murphy

That could complicate the lives of many chief compliance officers, since they are the ones who report to the board on ethics and compliance issues, while a lower-level deputy actually oversees execution of the compliance program and reports up to the CCO.

“Companies may think they’ve got it covered, but most don’t meet the standard,” says Joseph Murphy, director of public policy for the Society of Corporate Compliance & Ethics.

Egan

Patrick Egan, co-chair of the compliance practice at law firm Fox Rothschild, agrees. Compliance officers’ reporting authority “is an area where we still see a lot of pushback,” he says, especially from smaller companies.

In comments provided to the Sentencing Commission in March, Karen Harned, executive director of the Small Business Legal Center of the National Federation of Independent Business, wrote that she wanted to see “a more flexible standard,” since most small businesses would still be excluded from getting that credit under the current language.

“Most small businesses don’t have a formal corporate structure,” Harned wrote. “There’s no board, and the owner or managing partner may have the chief compliance officer role.”

Hackett

Susan Hackett, general counsel for the Association of Corporate Counsel, suggests that companies re-assess the reporting relationships within their compliance functions “to evidence in some way that the person with substantial responsibility for compliance can get word to the board.” At the least, she says, companies should “define in writing somewhere obvious” exactly who is designated as the person with operational authority for compliance.

CURRENT REQUIREMENTS ?

Below are some of the current requirements for compliance programs under the Federal Sentencing Guidelines.

(1) Standards and procedures to prevent and detect criminal conduct

(2) Knowledge by the corporation’s board about the content and operation of the program and the exercise of reasonable oversight with respect to its implementation and effectiveness

(3) Reasonable efforts to avoid placing in a substantial authority position those whom the organization should have known had engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program

(4) Reasonable steps to communicate the program’s standards and procedures throughout the organization, and training that is tailored to each audience

(5) Reasonable steps to ensure that the corporation’s compliance program is followed, including monitoring and auditing to detect criminal conduct, periodically evaluating the program’s effectiveness, and publicizing a system that allows reporting or the receipt of guidance about potential and actual criminal conduct without fear of retaliation

(6) Consistent promotion and enforcement of the program with appropriate incentives for proper performance and appropriate disciplinary measures for those who engage in criminal conduct or fail to take reasonable steps to prevent or detect it

(7) Reasonable steps to respond appropriately to criminal conduct when detected, and to prevent further similar criminal conduct, including any needed changes to the program

Source

Gibson Dunn Alert on Sentencing Guidelines (April 13, 2010)

Murphy urges companies to provide the direct reporting authority envisioned by the Sentencing Commission in writing in a board resolution. “Companies that don’t provide that express authority will be in very bad shape if they find themselves trying to convince the Justice Department that they’re serious about preventing and detecting wrongdoing,” he says.

Both Murphy and Win Swenson, managing partner at Compliance Systems Legal Group, who led the staff unit that developed the organizational guidelines, say boards could go even further: They could craft language requiring the person with operational responsibility for compliance to go straight to the board in cases of serious allegations or where senior management is involved. That would help avoid situations where the compliance officer might feel bullied by senior management to keep quiet.

Swenson also says the changes put more emphasis on detection—an area he and others say most companies historically have overlooked. “Most compliance programs emphasize prevention, so most companies today do a poor job of compliance auditing, which is one of the best ways to detect problems,” he says.

Monitors and Documents

David Debold, chair of the Sentencing Commission’s Practitioners Advisory Group and of counsel at the law firm Gibson Dunn & Crutcher, also notes that the Commission altered some proposals and dropped others altogether.

Debold

For instance, the Commission adopted language outlining the “reasonable steps” companies may take to remedy harm resulting from criminal conduct they uncover. Those steps “may include, where appropriate” providing restitution to identifiable victims.

The phrase “where appropriate” was added in response to public comment from people worried that paying restitution might sometimes be problematic—say, due to liability issues stemming from a pending lawsuit.

The Commission dropped some other proposals, which should draw cheers from the corporate compliance community, Debold adds. For example, the Commission dropped proposed references to document retention policies and corporate monitors; both were panned by commenters as phrases sure to complicate compliance operations with little benefit.

? AND NEW CONDITIONS

Below are some of the primary changes made to the Sentencing Guidelines.

(1) Enhance the report obligations from a compliance officer to the board of directors in order for the compliance program to be deemed effective in all circumstances

(2) Clarify the steps a corporation must take to meet the Commission’s requirement for proper remediation in the event criminal conduct occurs

(3) Reject the proposed language that would have mentioned, for the first time, the appointment of monitors as a possible component of the remediation requirement or, separately, as a possible condition of probation for a convicted corporation

(4) Reject language under consideration that would have given document retention policies unique prominence in the list of compliance program requirements

Source

Gibson Dunn Alert on Sentencing Guidelines (April 13, 2010)

One proposed amendment would’ve suggested “retaining an independent monitor” a possible remedial step by companies that discover criminal conduct. But critics feared that independent person might be confused with a compliance monitor appointed as part of a deferred-prosecution agreement, and tempt federal prosecutors to insist on compliance monitors every time. Instead, then, the Commission said steps taken may include “use of an outside professional advisor to ensure adequate assessment and implementation of any modifications” to its compliance and ethics program.

In written testimony Hackett provided before the amendments’ final approval, she warned that the original language for independent monitors would become a “presumptive practice that companies are expected to consider or implement.”

“The repeated insertion of a ‘monitor option’ into the Guidelines’ Manual suggests that the Commission sees the practice as some kind of ‘best’ or common practice that judges should consider routinely, rather than the nuclear option that most folks who’ve ever worked in a monitor situation perceive it to be,” Hackett wrote.

Likewise, the panel omitted the idea of “regular or unannounced examinations of facilities” as an available probation condition. Currently, the Sentencing Guidelines only provide for regular or unannounced examinations of a corporation’s books and records. But Debold says that proposal may resurface next year, since a Justice Department representative at the hearing suggested that the Commission revisit that decision during the next amendment cycle.